[Owasp-leaders] The Final Leaked TPP Text Is All That We Feared | Electronic Frontier Foundation

Milton Smith milton.smith at owasp.org
Tue Oct 13 21:27:47 UTC 2015

We should form a small working group (6-10max?) to discuss how best to 
engage industry and governments on security.  The group should develop 
broad set goals.  Develop courses of action that support the goals.  
Determine the type of resources required, human, technology, financial, 
etc.  Consider our actions from the benefit to OWASP members, 
government, industry, and the public.  We should not act too hastily.  I 
don't think we should make any public statements at this time.  I can 
help organize.  As mentioned I'm running for the board but win/loose I 
would still like to help in this area.

Anyone with an interest to help in this working group should respond to 
the thread.


On 13 Oct 2015, at 13:45, Tobias wrote:

> I agree that this is an important issue.
> What should we do as next step?
> Would a statement from OWASP in that regard be the appropriate way to 
> build awareness for this potentially problematic agreement text?
> Do Milton or Eoin maybe like to prepare a statement to run by the 
> community and later release by OWASP?
> Are there other steps you think we could or should initiate?
> Best regards, Tobias
> On 13/10/15 22:34, Eoin Keary wrote:
>> Milton, this is worth making a stand for.
>> I hope you are successful in the OWASP board elections.....
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>> On 13 Oct 2015, at 8:22 p.m., Milton Smith <milton.smith at owasp.org 
>> <mailto:milton.smith at owasp.org>> wrote:
>>> A related article on TPP for everyone I found this morning.
>>> TPP requires countries to destroy security-testing tools (and your 
>>> laptop)
>>> http://boingboing.net/2015/10/13/tpp-requires-countries-to-seiz.html
>>> (article excerpt) "...order the destruction of devices and products 
>>> found to be involved in" breaking digital locks... used to identify 
>>> critical vulnerabilities in vehicles, surveillance devices, voting 
>>> machines, medical implants, and many other devices in our world.
>>> Among other things, this TPP provision includes destruction of 
>>> security static/dynamic analysis tools.  It's difficult to know if 
>>> these provisions will be adopted as written but I'm concerned it's 
>>> on the table for discussion.  As written, TPP will hurt industry 
>>> more than it will help.  Security researchers are not the problem.  
>>> The problem is vulnerable software.
>>> Unfortunately, it will take politicians and rights holders years to 
>>> learn from there mistakes.  Positive influence early in the policy 
>>> making process will be beneficial for everyone including OWASP 
>>> members.  I realize most OWASP members are not very interested in 
>>> politics.  Still unfavorable laws and regulations will make security 
>>> even more difficult than it is today.  Think of what it would mean 
>>> if ZAP becomes illegal software.
>>> --Milton
>>> On 13 Oct 2015, at 9:49, Milton Smith wrote:
>>>> I'm tracking TPP as well Tom.  Aside from favoritism for rights 
>>>> holders, there are some provisions negatively impacting security.  
>>>> Wassenaar Arrangement is a disaster, crypto backdoors, etc.  
>>>> Unwinding this mess will cause trouble for years.  Think of pass 
>>>> problems like ITAR.
>>>> OWASP must begin investing to positively to influence security from 
>>>> the top down as well.
>>>> --Milton
>>>> On 13 Oct 2015, at 1:40, Tom Brennan wrote:
>>>>> Worth a read when you consider getting behind and lobbying for 
>>>>> things that matter.
>>>>> https://www.eff.org/deeplinks/2015/10/final-leaked-tpp-text-all-we-feared
>>>>> Tom Brennan
>>>>> 973-506-9304
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org 
>>>>> <mailto:OWASP-Leaders at lists.owasp.org>
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list